Home » Android » android – Firebase + Permissions

android – Firebase + Permissions

Posted by: admin May 14, 2020 Leave a comment

Questions:

I just updated one app from Firebase 9.0.0 to Firebase 9.0.2.
I use messaging + ads.

compile 'com.google.firebase:firebase-messaging:9.0.2' 
compile "com.google.firebase:firebase-ads:9.0.2"

Now a lot of unwanted permission have cropped up

android:name="android.permission.READ_PHONE_STATE"
android:name="android.permission.READ_EXTERNAL_STORAGE"
android:name="android.permission.WRITE_EXTERNAL_STORAGE"

I didn’t add those permissions anywhere, so they must be from Firebase.
I know my clients don’t like these permissions, so I removed them with

<uses-permission
    android:name="android.permission.READ_PHONE_STATE"
    tools:node="remove" />
<uses-permission
    android:name="android.permission.READ_EXTERNAL_STORAGE"
    tools:node="remove" />
<uses-permission
    android:name="android.permission.WRITE_EXTERNAL_STORAGE"
    tools:node="remove" />

My app still works, messaging and ads still work, still I’d like my suspicions confirmed.

Why does Firebase add those permissions and is it really ok to remove them like I did?

How to&Answers:

This issue was fixed in 12.0.1. Source https://developers.google.com/android/guides/releases

March 28, 2018 – Verison 12.0.1

Issues fixed in 12.0.1:

  • Fixes issue that caused spurious Android lint errors claiming
    GoogleSignIn and CredentialsClient were internal-only.
  • Adds missing
    minSdkVersion in -license artifacts to prevent automatic inclusion of
    READ_PHONE_STATE and READ_EXTERNAL_STORAGE permissions.
  • Restores
    unique package names for runtime linked -license artifacts which
    affected some build systems’ (e.g. Ionic Pro) compatibility issues.
  • Restores some fields names that were obfuscated in 12.0.1, namely the
    value() method of @PropertyName annotations in firebase-firestore and
    firebase-database.

Answer:

android:name="android.permission.READ_PHONE_STATE"
android:name="android.permission.READ_EXTERNAL_STORAGE"
android:name="android.permission.WRITE_EXTERNAL_STORAGE"

these permissions are different they are not used in fcm.

PHONE_STATE permission to know current state of phone

and READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE to add and delete file in memory from your app, if you are not using any of these functionalities you can remove it.